Does anybody know what this is? It came up in our authentication logs while investigating another issue. We are seeing attempted authentication activity from confirmed malicious actors; there is very little activity authenticating against this application otherwise. Microsoft says it is a ConfidentialClient that is present when tenants are created. It feels like it is being targeted by malicious actors; or, whatever it is a broker for is being targeted.
I just found your post when searched for the same thing.
I came across this ‘AMC Prod’ application permission request when performed an authentication to https://aka.ms/myrecoverykey
This URL is a legit Microsoft website for when you need to unlock disk encryption from Bitlocker.
After login, the URL redirects to this URL where the user may find his keys for all of his devices: My Account
Button line, the app itself seems to be legit, attackers targeting it may be related to the use case.
AAD support updated and indicated it can be accessed as part of the account recovery process. As you indicated, it is likely being accessed as part of the overall target authentication process. Appreciate your research on it!